what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2016-05-16 to 2016-05-17

Web2py 2.14.5 CSRF / XSS / Local File Inclusion
Posted May 16, 2016
Authored by Nahendra Bhati

Web2py version 2.14.5 suffers from cross site request forgery, cross site scripting, and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion, csrf
advisories | CVE-2016-4806, CVE-2016-4807, CVE-2016-4808
SHA-256 | 967983318fc0a206d3dfe9b11f666c89eaa24b3941dd90b7f0560b57b3f2d15a
Ubuntu Security Notice USN-2979-4
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2979-4 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758
SHA-256 | f8e3be2b927e976c9209bd751acdb51d9b30164629cb20cc001b615de8729e1d
Ubuntu Security Notice USN-2979-1
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2979-1 - David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758, CVE-2016-3713
SHA-256 | f54efabc7a7953e27810fe6ce72422448a5483cf73e0c1c26490ee17ddb6515d
Ubuntu Security Notice USN-2979-2
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2979-2 - USN-2979-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-0758, CVE-2016-3713
SHA-256 | cdb2c86cd663d5c26cde9b3c2a5708b24e10070bf88b9fc77d97870354cfaeb1
Ubuntu Security Notice USN-2977-1
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2977-1 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758
SHA-256 | d6b3be39ac7937bb9c063bc7588dc509dfded0b1d2782055a62769be30157ce9
Ubuntu Security Notice USN-2976-1
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2976-1 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758
SHA-256 | a7e8c5cbdc10dd613588bad7d3979dece9409d0fcc442c155c1452784fcf6482
Ubuntu Security Notice USN-2978-3
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2978-3 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758
SHA-256 | 380a8900f2b41cbbcdc679855c577286d9e8ac890b72e924185614245a2678d8
Ubuntu Security Notice USN-2975-1
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2975-1 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758
SHA-256 | ce4aa24f49da8508bdc20d9f6ec8279498501fffb6953834550e0930d92b30a2
Ubuntu Security Notice USN-2975-2
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2975-2 - USN-2975-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-0758
SHA-256 | feac0eb25f9c1cd3fa095cee054213a408415e169c7b4778f95545c5dacb38c1
Ubuntu Security Notice USN-2978-2
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2978-2 - USN-2978-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-0758, CVE-2016-3713
SHA-256 | 64141def5026b2fd37a8d73d52076845eb142cd7b02d5e2f75a7ec27d647aa30
Ubuntu Security Notice USN-2979-3
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2979-3 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758
SHA-256 | ebdfe841208c413cc4a3580e230a63f56eb848beb54d4fc7056c707f90f943df
Ubuntu Security Notice USN-2978-1
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2978-1 - David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758, CVE-2016-3713
SHA-256 | c7ba527bc03f4e3f11f857d8f2bda733be9c17654f1a0e13e3c436345ac34da5
Nexon Games Privilege Escalation
Posted May 16, 2016
Authored by Cyril Vallicari

Multiple Nexon games suffer from an unquoted path privilege escalation vulnerability.

tags | exploit
SHA-256 | ae3dc720652a1161004450af6de86cde4682dd9e3789a6fea1dd95a02ff904b7
Debian Security Advisory 3580-1
Posted May 16, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3580-1 - Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with control on the image input could, with the privileges of the user running the application, execute code (CVE-2016-3714), make HTTP GET or FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move (CVE-2016-3716), or read (CVE-2016-3717) local files.

tags | advisory, web, local, vulnerability
systems | linux, debian
advisories | CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718
SHA-256 | 747cf13d24c6beb4d0ce9afc86b233876539d3430e7ac143db6dd5daba44316e
Hex: Shard Of Fate 1.0.1.026 Privilege Escalation
Posted May 16, 2016
Authored by Cyril Vallicari

Hex: Shard of Fate version 1.0.1.026 suffers from an unquoted path privilege escalation vulnerability.

tags | exploit
SHA-256 | a21e1888cef138f37d32feb4f851bcb83406be17358d447e2ca62f796c0bc177
TP-Link SC2020n Authenticated Telnet Injection
Posted May 16, 2016
Authored by Nicholas Starke | Site metasploit.com

The TP-Link SC2020n Network Video Camera is vulnerable to OS Command Injection via the web interface. By firing up the telnet daemon, it is possible to gain root on the device. The vulnerability exists at /cgi-bin/admin/servetest, which is accessible with credentials.

tags | exploit, web, cgi, root
SHA-256 | 6d9bcf28b50744ae1b54ed55f4fdaa3d592c14f7b0231ff8fe3e82e0cf7640ca
SAP MII 15.0 Directory Traversal
Posted May 16, 2016
Authored by Dmitry Chastuhin

SAP MII version 15.0 suffers from a directory traversal vulnerability.

tags | exploit
SHA-256 | 3d47db897ab0c13589383048d607feb517d5192140c1fe1fec6f7b1c71e770f9
SAP NetWeaver AS JAVA 7.4 Cross Site Scripting
Posted May 16, 2016
Authored by Vahagn Vardanyan

SAP NetWeaver AS JAVA version 7.4 suffers from a cross site scripting vulnerability.

tags | exploit, java, xss
SHA-256 | 6b5b4efd5d7e256e564699033608a728468786c991209741d89bfdce20049406
PLANET IP LFI / CSRF / XSS / Authentication Bypass
Posted May 16, 2016
Authored by OrwellLabs | Site orwelllabs.com

Various PLANET IP cameras suffer from local file inclusion, arbitrary file read, information disclosure, cross site request forgery, cross site scripting, and hard-coded credential vulnerabilities.

tags | exploit, arbitrary, local, vulnerability, xss, bypass, file inclusion, info disclosure, csrf
SHA-256 | 32a7e102bd9444774357f4899f075de9a6081f7cccd69d5a1179bd263341ef93
Merit LILIN XSS / CSRF / Credential Issues
Posted May 16, 2016
Authored by OrwellLabs | Site orwelllabs.com

Merit LILIN IP cameras suffer from cross site request forgery, cross site scripting, hard-coded credential, and various other vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | a711535aafed30d30e1a56926ee5a7846d632335d1407d6a65b454b5335e783b
Debian Security Advisory 3579-1
Posted May 16, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3579-1 - Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, a validating XML parser library for C++, due to not properly handling invalid characters in XML input documents in the DTDScanner.

tags | advisory
systems | linux, debian
advisories | CVE-2016-2099
SHA-256 | 45b6e047db4b73858971629f52ff7aa4053af4847c4a43806674c5fe5dc051ca
Debian Security Advisory 3578-1
Posted May 16, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3578-1 - It was discovered that libidn, the GNU library for Internationalized Domain Names (IDNs), did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library.

tags | advisory
systems | linux, debian
advisories | CVE-2015-2059
SHA-256 | 0f6df94ca20bee4e1e8ac06f0e309a5d702366a562dcfdf9f35c4080410948d4
Debian Security Advisory 3577-1
Posted May 16, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3577-1 - Gustavo Grieco discovered that jansson, a C library for encoding, decoding and manipulating JSON data, did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service (crash) via stack exhaustion, using crafted JSON data.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2016-4425
SHA-256 | 35e0db4c71f3007af50999c51a455a7780263187a843797552b6d84891ce2fb6
Adobe Flash addProperty Use-After-Free
Posted May 16, 2016
Authored by Google Security Research, natashenka

Adobe Flash suffers from a use-after-free vulnerability in addProperty.

tags | exploit
systems | linux
advisories | CVE-2016-4108
SHA-256 | 1b2c5c8671f279a72c51ff397907b306c28103beaa466105adb2ca954f9d46cf
Adobe Flash MP4 File Stack Corruption
Posted May 16, 2016
Authored by Google Security Research, natashenka

A malicious mp4 file can cause stack corruption in Adobe Flash.

tags | exploit
systems | linux
advisories | CVE-2016-1096
SHA-256 | 5c20d0caed9aa474e926c8c2f3fe70234702e7285a0649e165699ff480f97a1e
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close